ESET Researchers Win 1st Peter Szor Award for their Operation Windigo Research

ESET researchers were honored with the award on their brilliant research on Windigo malware during VB2014 in Seattle, WA, USA.

MUMBAI, India – October 30, 2014 – ESET, a global pioneer in proactive protection for more than 25 years, won the first annual ‘Peter Szor Award’ by Virus Bulletin for their research on Operation Windigo – the credential-stealing Linux server-side malware. Operation Windigo was led by ESET researchers Olivier Bilodeau, Pierre-Marc Bureau, Joan Calvet, Alexis Dorais-Joncas, Marc-Etienne Léveillé and Benjamin Vanheuverzwijn. 

For Peter Szor Award, four pieces of research were nominated, out of which ESET’s Operation Windigo research bagged this prestigious award. Peter Szor Award aims to recognize the best piece of technical security research published each year.

Mr Pankaj Jain, Director at ESET India said, “Three years of continuous research on Operation Windigo by our researchers has helped uncover the compromised servers, to provide cleaning tips and simple recommendations for Linux users. We believe we have the technical expertise to drive ESET to the leadership position in the AV segment.

In March 2014, ESET gained public attention when it has revealed that more than 500,000 PCs and 25,000 unique servers have been compromised in the last two years by Operation Windigo. ESET has also stated that, the Windigo network was sending 35 million daily spam messages and redirecting more than 500,000 web visitors to exploits kits each day.

This operation has been ongoing since at least 2011 and has affected high profile servers and companies. ESET researchers have done a detail report on operating this and provided details on the number of users that have been victimized and the exact type of resources that are now in control of the gang. Furthermore, the team has provided a detailed analysis for the three main malicious components of this operation: Linux/Ebury*, Linux/Cdorked* and Perl/Calfbot*.

Please click on the PDF icon (on the right hand side) to view and download the complete report of Operation Windigo Click Here.

*Windigo is a malicious group which has compromised thousands of Linux and Unix servers. The compromised servers are used to steal SSH (Secure Shell) credentials, redirect web visitors to malicious content and send spam.

*Linux/Ebury – an OpenSSH backdoor used to keep control of the servers and steal credentials

*Linux/Cdorked – an HTTP backdoor used to redirect web traffic. We also detail the infrastructure deployed to redirect traffic, including a modified DNS server used to resolve arbitrary IP addresses labeled as Linux/Onimiki

*Perl/Calfbot – a Perl script used to send spam

# # #

About ESET

Founded in 1992, ESET is a global provider of security solutions for businesses and consumers. ESET’s flagship products ESET NOD32 Antivirus, ESET Smart Security and ESET Cyber security for Mac are trusted by millions of global users. ESET NOD32 Antivirus holds the world record for the number of Virus Bulletin “VB100” Awards, and has never missed a single “In-the-Wild” worm or virus since the inception of testing in 1998.

The Company has global headquarters in Bratislava (Slovakia), with regional distribution headquarters in San Diego (U.S.), Buenos Aires (Argentina), and Singapore. ESET has malware research centers in Bratislava, San Diego, Buenos Aires, Prague (Czech Republic), Krakow (Poland), Montreal (Canada), Moscow (Russia), and an extensive partner network in 180 countries.

In India ESET products are exclusively supplied and supported by “ESS Distribution Pvt Ltd”. The sales of ESET products are executed through the Channel Partners across India. Website:


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: